strange login/password problem

Philippe Trolliet philippe.trolliet at novatec-gmbh.de
Thu Aug 23 06:46:05 EDT 2007


i used testsaslauthd to check if it works with saslauthd too. it worked. it
doesn't matter what is after the "keht77&0"-string.
here the commands i used:
$ testsaslauthd -u user at domain.com -p "keht77&0kkkk" -s <tested services: imap, smtp, pop>
or
$ testsaslauthd -u user at domain.com -p "keht77&0kfdkdoe" -s <tested services: imap, smtp, pop>

for every command i get
0: OK "Success."

here my pam configuration:
- saslauthd is configured to use pam
- all user information is stored in a mysql database
- following pam modules are configured to lookup the user credentials from
mysql-db:
	- imap
	- pop
	- sieve
	- smtp
	- smtp.postfix
	- smtp.postfis

every service has the following configuration:
auth       sufficient   pam_mysql.so user=<some-user> passwd=<password> host=localhost db=<db-name> table=accountuser usercolumn=username passwdcolumn=password crypt=1 logtable=log logmsgcolumn=msg logusercolumn=user loghostcolumn=host logpidcolumn=pid logtimecolumn=time
account    required     pam_mysql.so user=<some-user> passwd=<password> host=localhost db=<db-name> table=accountuser usercolumn=username passwdcolumn=password crypt=1 logtable=log logmsgcolumn=msg logusercolumn=user loghostcolumn=host logpidcolumn=pid logtimecolumn=time

i don't know why but logging doesn't work. the table where all the log
information should be stored is empty.

regards
philippe


> -----Original Message-----
> From: Karthikeyen [mailto:karthikeyen.smv at gmail.com]
> Sent: Thursday, 23 August 2007 05:51
> To: 'Philippe Trolliet'; 'Cyrus-Sasl'
> Subject: RE: strange login/password problem
>
>
> Use testsaslauthd and check what you have observed is true. Then check the
> password policy of the pam module for sasl and the authentication system
> with which sasl works for authentication.
>
> If your observation is not true, then it is the situation where you use one
> authentication system (linux passwd file) which can give green signal to
> access services like pop3 or the other authentication system (LDAP, with
> sasl for smtp authentication) gives the green signal to authenticate a user
> to use system services like pop3 or smtp.
>
> In that case you find a way to synchronize user information in both ldap
> and Linux passwd file whenever you allow passwd change via horde. Else work
> with the PAM modules settings for both ldap and Linux password file
> authentication should be necessary for a successful session initiation to
> access system services like pop3 and smtp.
>
> Hope I am not confusing.
> Muthu
>
> -----Original Message-----
> From: cyrus-sasl-bounces at lists.andrew.cmu.edu
> [mailto:cyrus-sasl-bounces at lists.andrew.cmu.edu] On Behalf Of Philippe
> Trolliet
> Sent: Wednesday, August 22, 2007 8:38 PM
> To: Cyrus-Sasl
> Subject: strange login/password problem
>
> hi,
> i have a strange login problem on my mailserver and i don't know what it is.
> i assume that it has something to do with saslauthd.
> here my problem:
> this morning a user said that he can use 2 different passwords for his
> account. he was using the horde webclient to login. horde itself is
> configured to use imp (imap) for authentication.
> he used the following 2 passwords:
> 	keht77&0nme
> 	keht77&0nba
> first i thought that it has something to do with horde. so i created an imap
> connection in outlook to test if this just works with horde. i used both
> passwords for receiving (imap) and sending (smtp with authentication) mail.
> both passwords worked fine.
> now i think that it has something to do with saslauthd or the '&'-character
> in the password. it doesn't matter which characters follow the string
> "keht77&0". it accepts everything. it has nothing to do with a maximum of 8
> characters for passwords because my own is longer than 8 characters and i
> have to supply the whole password string.
> i also tried to change the password to "keht77&0nme" directly on the
> database with phpmyadmin. but this didn't change anything.
>
> saslauthd is started with the -c option to cache user credentials because
> the swap space on the mailserver went out of space and so it crashed. it
> uses pam to authenticate and pam itself is configured to search for the
> login credentials in a mysql database.
>
> i hope that i haven't forgotten anything and that anybody can help me.
>
> regards
> philippe
>
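
An added example, not part of the original messages and not code from Cyrus SASL or pam_mysql: with crypt=1, pam_mysql checks passwords through crypt(3), and the traditional DES scheme of crypt(3) uses only the first 8 characters of a password, while the newer "$"-prefixed schemes hash the whole string. Assuming the affected row holds a 13-character DES-style value (the thread does not show the stored hashes), this sketch classifies values from the password column by format and flags accounts where trailing characters are ignored; the usernames and hash strings are constructed samples, and it goes beyond the thread's case by also recognising bcrypt and the SHA schemes.

```python
import re

# crypt(3) hash formats and how many leading password bytes each scheme
# actually uses (None = the whole password is hashed).
SCHEMES = [
    (re.compile(r"^[./0-9A-Za-z]{13}$"), "traditional DES crypt", 8),
    (re.compile(r"^\$1\$[^$]{1,8}\$[./0-9A-Za-z]{22}$"), "MD5 crypt", None),
    (re.compile(r"^\$2[abxy]?\$\d{2}\$[./0-9A-Za-z]{53}$"), "bcrypt", 72),
    (re.compile(r"^\$5\$"), "SHA-256 crypt", None),
    (re.compile(r"^\$6\$"), "SHA-512 crypt", None),
]

def classify(stored):
    """Return (scheme name, significant password bytes) for a stored hash."""
    for pattern, name, limit in SCHEMES:
        if pattern.match(stored):
            return name, limit
    return "unknown", None

def indistinguishable(stored, pw_a, pw_b):
    """True if the scheme of `stored` cannot tell pw_a and pw_b apart."""
    _, limit = classify(stored)
    if limit is None:
        return pw_a == pw_b
    return pw_a.encode()[:limit] == pw_b.encode()[:limit]

def audit(rows):
    """List (user, scheme, limit) for rows whose scheme stops at 8 bytes or fewer."""
    flagged = []
    for user, stored in rows:
        name, limit = classify(stored)
        if limit is not None and limit <= 8:
            flagged.append((user, name, limit))
    return flagged

# Constructed sample rows (username, password column); shapes only, not real hashes.
ROWS = [
    ("alice@example.com", "abJnggxhB/yWI"),                       # 13 chars: DES style
    ("bob@example.com", "$1$saltsalt$abcdefghijklmnopqrstuv"),    # MD5 crypt style
]

if __name__ == "__main__":
    for user, name, limit in audit(ROWS):
        print(f"{user}: {name}, only the first {limit} characters are checked")
    # The two passwords from the thread differ only after character 8.
    for user, stored in ROWS:
        print(user, indistinguishable(stored, "keht77&0nme", "keht77&0nba"))
```

A table that mixes both formats would explain why one account accepts any suffix while another requires the full password; re-hashing the flagged rows with a non-truncating scheme on the next password change removes the difference.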


